INFO: Accessible SMTP Report

DESCRIPTION LAST UPDATED: 2023-12-29

DEFAULT SEVERITY LEVEL: INFO

This report contains a list of accessible SMTP servers found by our daily IPv4 full Internet scans. This is just a population scan – there are no vulnerabilities being reported – but network owners should be aware of any unintentional SMTP server exposure and should verify all are patched to the latest software version.

This is just a population/external surface exposure scan. If you prefer not to receive it, contact us to opt-out.

For a report containing vulnerable email servers please check out our Vulnerable SMTP Report and Vulnerable Exchange Server Report.

You can track latest SMTP scan results on the Shadowserver Dashboard.

Severity levels are described here.

For more information on our scanning efforts, check out our Internet scanning summary page.

This report comes in 2 versions, IPv4 and IPv6.

Filenames: scan_smtp, scan6_smtp

Fields

  • timestamp
    Timestamp when the IP was seen in UTC+0
  • severity
    Severity level
  • ip
    IP of the detected device
  • port
    Port response was received from
  • hostname
    Hostname of the device (may be from reverse DNS)
  • tag
    Array of tags. This will be typically smtp.
  • asn
    AS of the detected device
  • geo
    Country of the detected device
  • region
    Region of the detected device
  • city
    City of the detected device
  • naics
    North American Industry Classification System Code
  • hostname_source
    Hostname source
  • banner
    SMTP server banner collected

Sample

"timestamp","severity","ip","protocol","port","hostname","tag","asn","geo","region","city","naics","hostname_source","banner","sector","auth_ssl_response","auth_tls_response","cert_expiration_date","cert_expired","cert_issue_date","cert_length","cert_serial_number","cert_valid","cipher_suite","freak_cipher_suite","freak_vulnerable","handshake","issuer_business_category","issuer_common_name","issuer_country","issuer_email_address","issuer_given_name","issuer_locality_name","issuer_organization_name","issuer_organization_unit_name","issuer_postal_code","issuer_serial_number","issuer_state_or_province_name","issuer_street_address","issuer_surname","jarm","key_algorithm","md5_fingerprint","raw_cert","raw_cert_chain","self_signed","sha1_fingerprint","sha256_fingerprint","sha512_fingerprint","signature_algorithm","ssl_version","sslv3_supported","subject_business_category","subject_common_name","subject_country","subject_email_address","subject_given_name","subject_locality_name","subject_organization_name","subject_organization_unit_name","subject_postal_code","subject_serial_number","subject_state_or_province_name","subject_street_address","subject_surname","tlsv13_cipher","tlsv13_support","validation_level"
"2010-02-10 00:00:00",info,192.168.0.1,tcp,25,node01.example.com,smtp,64512,ZZ,Region,City,0,,"220 ESMTP Ready","Communications, Service Provider, and Hosting Service",,,"2021-11-12 11:18:27",Y,"2012-11-14 11:18:27",2048,B3F13DFBDBA2D8B2,N,TLS_AES_256_GCM_SHA384,,,,,example.com,,,,,,,,,,,,,rsaEncryption,F1:8A:02:48:3C:6B:F4:00:CC:5C:D5:B0:71:E4:FA:00,,,N,03:39:9E:5D:77:19:38:C4:49:DE:C3:3D:9B:E6:13:ED:5A:F1:42:55,E1:D1:6E:87:49:B9:AC:74:B4:AC:9B:77:85:27:69:97:0D:16:B1:F6:63:F0:26:51:AA:89:42:39:66:BD:47:D0,1C:E9:04:22:90:46:68:0B:8B:54:33:38:C6:20:5F:EE:A6:73:A6:B5:2C:7D:12:94:DE:F1:CC:11:2E:72:0B:97:C2:7D:19:BF:E0:6B:98:A9:21:D9:9D:5A:CB:38:0B:D8:7E:E2:8E:2B:EA:15:EC:60:11:1E:41:E3:FB:4C:20:9F,,,,,example.com,ZZ,,,,,,,,,,,,,
"2010-02-10 00:00:01",info,192.168.0.2,tcp,25,node02.example.com,smtp,64512,ZZ,Region,City,0,certificate,"220 ESMTP Ready",,,,"2021-11-12 11:18:27",Y,"2012-11-14 11:18:27",2048,B3F13DFBDBA2D8B2,N,TLS_AES_256_GCM_SHA384,,,TLSv1.2,,example.com,,,,,,,,,,,,,rsaEncryption,F1:8A:02:48:3C:6B:F4:00:CC:5C:D5:B0:71:E4:FA:00,,,Y,03:39:9E:5D:77:19:38:C4:49:DE:C3:3D:9B:E6:13:ED:5A:F1:42:55,E1:D1:6E:87:49:B9:AC:74:B4:AC:9B:77:85:27:69:97:0D:16:B1:F6:63:F0:26:51:AA:89:42:39:66:BD:47:D0,1C:E9:04:22:90:46:68:0B:8B:54:33:38:C6:20:5F:EE:A6:73:A6:B5:2C:7D:12:94:DE:F1:CC:11:2E:72:0B:97:C2:7D:19:BF:E0:6B:98:A9:21:D9:9D:5A:CB:38:0B:D8:7E:E2:8E:2B:EA:15:EC:60:11:1E:41:E3:FB:4C:20:9F,sha256WithRSAEncryption,2,,,example.com,ZZ,,,,,,,,,,,,,unknown
"2010-02-10 00:00:02",info,192.168.0.3,tcp,25,node03.example.com,smtp,64512,ZZ,Region,City,0,certificate,"220 ESMTP Ready","Communications, Service Provider, and Hosting Service",,,"2021-11-12 11:18:27",Y,"2012-11-14 11:18:27",2048,B3F13DFBDBA2D8B2,N,TLS_AES_256_GCM_SHA384,,,TLSv1.2,,example.com,,,,,,,,,,,,,rsaEncryption,F1:8A:02:48:3C:6B:F4:00:CC:5C:D5:B0:71:E4:FA:00,,,N,03:39:9E:5D:77:19:38:C4:49:DE:C3:3D:9B:E6:13:ED:5A:F1:42:55,E1:D1:6E:87:49:B9:AC:74:B4:AC:9B:77:85:27:69:97:0D:16:B1:F6:63:F0:26:51:AA:89:42:39:66:BD:47:D0,1C:E9:04:22:90:46:68:0B:8B:54:33:38:C6:20:5F:EE:A6:73:A6:B5:2C:7D:12:94:DE:F1:CC:11:2E:72:0B:97:C2:7D:19:BF:E0:6B:98:A9:21:D9:9D:5A:CB:38:0B:D8:7E:E2:8E:2B:EA:15:EC:60:11:1E:41:E3:FB:4C:20:9F,sha256WithRSAEncryption,2,,,example.com,ZZ,,,,,,,,,,,,,DV

Our 135 Report Types

« Back to Network Reporting